Response to the Office Action of August 19, 2009 
Serial No. 10/733,326 



REMARKS 

Claims 1-4, 6-16, 18-26 and 28-34 are pending in the present application. 
Claims 5, 17 and 27 have been cancelled by way of a previous amendment. 

The Examiner has rejected claims 1-4, 6, 9-16, 18, 21-26, 28 and 31-34 
under 35 U.S.C. § 103(a) as being unpatentable over US Patent Application Publication 
No. 2003/00051 18 to Williams (hereinafter "Williams") in view of US Patent Application 
Publication No. 2004/0210771 to Wood et al. (hereinafter "Wood") in further view of US 
Patent Application Publication No. 2002/0124074 to Levy et al. (hereinafter "Levy"). 

The Office Action was issued following the United States Supreme Court's 
decision in the case of KSR Int'l Co. v. Teleflex Inc. , No. 04-1350 (April 30, 2007). In 
light of the KSR decision, Applicant wishes to address various issues pertaining to a 
proper analysis under section 103. 

The Examiner, by citing three and four references and asserting a reason 
for combining elements from the three and four references, has elected to base the 
rejection of the pending claims upon a teaching, suggestion or motivation to select and 
combine features from the cited references. Applicant wishes to point out that the 
Supreme Court's KSR decision did not reject use of a "teaching, suggestion or 
motivation" analysis as part of an obviousness analysis, characterizing the analysis as 
"a helpful insight." KSR slip op. at 14-15. 
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When the Examiner chooses to base a rejection upon a teaching, 
suggestion or motivation analysis, the Examiner must satisfy the requirements of such 
an analysis. In particular, the Examiner must demonstrate with evidence and reasoned 
argument that there was a teaching, suggestion or motivation to select and combine 
features from the cited references, e.g., In re Lee , 61 USPQ2d 1430, 1433 (Fed. Cir. 
2002). Moreover, the prior art must suggest the desirability of the combination, not 
merely the feasibility, see In re Fulton , 73 USPQ2d 1 141 , 1 145 (Fed. Cir. 2004). 

In the event that the cited references fail to disclose or suggest all of the 
elements recited in the claims, then combining elements from the references would not 
yield the claimed subject matter, regardless of the extent of any teaching, suggestion or 
motivation. 

Although the Supreme Court did not reject use of a "teaching, suggestion 
or motivation" analysis, the Supreme Court did say that it was not the only possible 
analysis of an obviousness question. Because of the Examiner's chosen ground for 
rejection, however, the only pending ground for rejection must be a "teaching, 
suggestion or motivation" analysis. In the event that the Examiner chooses to consider 
a different avenue for rejection, this would be a new ground for rejection not due to any 
action by Applicant. Applicant has a right to be heard on any new ground for rejection. 

Applicant further respectfully reminds the Examiner that, even after l<SR, 
the following legal principles are still valid, having been endorsed by the Supreme Court 
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or having been unaffected by its decision: (1) the USPTO still has the burden of proof 
on the issue of obviousness; (2) the USPTO must base its decision upon evidence, and 
it must support its decision with articulated reasoning (slip op. at 14); (3) merely 
demonstrating that all elements of the claimed invention exist in the prior art is not 
sufficient to support a determination of obviousness (slip op. at 14-15); (4) hindsight has 
no place in an obviousness analysis (slip op. at 17); and (5) Applicant is entitled to a 
careful, thorough, professional examination of the claims (slip op. at 7, 23, in which the 
Supreme Court remarked that a poor examination reflected poorly upon the USPTO). 

Claim 1 has been amended for clarity. It should have been considered 
implicit that redirecting, to a second server, a request received from a browser involves 
transmitting a redirect message to the browser. Claim 1 has been amended to make 
explicit the transmission of the redirect message. 

As described in paragraph [0038] of the present application as published, 
a first server may determine that a request, received from a browser, for a web page 
requires redirection to a second server. Accompanying the request is an encrypted 
session token. The Applicant has figured out that the second server may not be able to 
decrypt the session token so as to obtain a session ID and a timestamp. Accordingly, 
while redirecting the request to the second server, the first server transmits the session 
ID and timestamp directly to the second server. Subsequently, the second server 
receives the redirected request from the browser. Conveniently, the second server may 
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determine, based on the session ID and timestamp received from the first server, that 
the request relates to a valid session. Upon determining that the request relates to a 
valid session, the second server may serve the web page requested in the request. 

Claim 1 requires "transmitting a redirect message to said browser, thereby 
redirecting said request to the second server" and "in conjunction with said transmitting, 
transmitting said session ID and said timestamp directly to the second server". 

The Examiner correctly notes that Williams discloses redirecting a 
received request. However, it important to note, further, that Williams redirects "If a 
request from a client to a protected server does not include a single-use domain token" 
(see paragraph [0067]). The Examiner admits that Williams does not specifically 
disclose including the transmission of said token to the second server in a redirect 
request. It should be clear that Williams does not disclose such transmission because 
Williams onjy redirects a request when no token is received . 

The Examiner then cites Wood to show transmission of a session token 
with a redirect response. The Applicant notes that both the redirect response and the 
session token are transmitted to the same destination, namely "browser 170". Explicit in 
claim 1 is that the redirect message is transmitted to a destination distinct from the 
destination to which the session ID and the timestamp are transmitted. 

Wood shows that the session token transmitted with the redirect (5) 
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response is a new session token (see paragraph [0051]), not a session token received 
with a request from a browser and decrypted to obtain a session ID and a timestamp, 
as required by claim 1. 

The Examiner admits that Williams-Wood does not specifically disclose, in 
the Examiner's words, "the transfer of a session ID parameter and a time and date 
(timestamp) parameter between two network connected systems (servers)". 

The Examiner then cites Levy to illustrate that the transfer of a session ID 
parameter and a time and date (timestamp) parameter between two network connected 
systems has been disclosed. The Applicant agrees that Levy discloses the creation of a 
hit_data record including the current value of sessionjd and the date and time, and the 
transmission of a LOG message to the registration server, where the LOG message 
includes the contents of the hit_data record. The Applicant notes that the entity 
performing the creation of the hit_data record and the transmission LOG message is a 
client (1 , FIG. 1 ) executing a browser (5, FIG. 1 ) and not, as required by claim 1 , a first 
server that is the recipient of a request for a web page that is present at a second 
server. 

Since neither Williams, nor Wood, nor Levy, nor a combination of 
Williams, Wood and Levy disclose or suggest "transmitting a redirect message to said 
browser, thereby redirecting said request to the second server" and "in conjunction with 
said transmitting, transmitting said session ID and said timestamp directly to the second 
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server" as required by claim 1 , as amended, the Applicant submits that claim 1 , as 
amended, may not be properly rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Williams in view of Wood in further view of Levy. The Applicant 
respectfully requests that the Examiner withdraw the rejection of claim 1 , and claims 2- 
4, 6 and 9-12 dependent, either directly or indirectly, thereon, as obvious over Williams 
in view of Wood in further view of Levy. 

Claim 23 is directed to a computer program product having a computer- 
readable medium tangibly embodying computer executable instructions for secure 
session management according to the method of claim 1. 

Claim 23 has been amended for consistency with the amendments to 

claim 1. 

With arguments similar to those presented in defense of the non- 
obviousness of claim 1 , the Applicant submits that neither Williams, nor Wood, nor 
Levy, nor a combination of Williams, Wood and Levy disclose or suggest a computer 
program product having a computer-readable medium tangibly embodying computer 
executable instructions for "transmitting a redirect message to said browser, thereby 
redirecting said request to the second server" and "in conjunction with said transmitting, 
transmitting said session ID and said timestamp directly to the second server", as 
required by claim 23, as amended. Accordingly, the Applicant submits that claim 23, as 
amended, may not be properly rejected under 35 U.S.C. § 103(a) as being 
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unpatentable over Williams in view of Wood in further view of Levy. The Applicant 
respectfully requests that the Examiner withdraw the rejection of claim 23, and claims 
24-26, 28 and 31-34 dependent, either directly or indirectly, thereon, as obvious over 
Williams in view of Wood in further view of Levy. 

Claim 13 is directed to a system for secure session management. The 
system of claim 13 includes a first server including a first request handler and a second 
server including the requested web page. Claim 13 has been amended for consistency 
with amended claim 1 to require that the first request handler be "adapted to transmit a 
redirect message to said browser, thereby redirecting the request to said second server, 
and transmit the session ID and said timestamp directly to said second server". In 
Williams, "If a request from a client to a protected server does not include a single-use 
domain token, the protected server can redirect the client to the CDC to perform a login 
process" (paragraph [0067]). In Wood, "A session token is passed to browser 170 in 
conjunction with the redirect (5) to login component 120." Notably, neither Williams nor 
Wood are adapted to redirect a request to a second server, where the second server 
includes the requested web page. The Williams redirect is to a Cookie Distribution 
Center 202. The Wood redirect is to login component 120. The Examiner cites Levy to 
illustrate that the transfer of a session ID parameter and a time and date (timestamp) 
parameter between two network connected systems has been disclosed. As discussed 
above in relation to the rejection of claim 1 , the Applicant notes that the network 
connected system arranging transfer of a session ID parameter and a time and date 

15 



Response to the Office Action of August 19, 2009 
Serial No. 10/733,326 

(timestamp) parameter to another network connected system is a client (1, FIG. 1) 
executing a browser (5, FIG. 1) and not, as required by claim 13, a first server that is 
the recipient of a request for a web page that is present at a second server. 

The Applicant submits that neither Williams, nor Wood, nor Levy nor a 
combination of Williams, Wood and Levy suggest or disclose a first request handler 
adapted to "transmit a redirect message to said browser, thereby redirecting the request 
to said second server; and transmit the session ID and said timestamp directly to said 
second server", as required by claim 13, as amended. Accordingly, the Applicant 
submits that the system of claim 13 may not be properly rejected under 35 U.S.C. § 
1 03(a) as being unpatentable over Williams in view of Wood in further view of Levy. 
The Applicant respectfully requests that the Examiner withdraw the rejection of claim 
13, and claims 14-16, 18 and 21 dependent, either directly or indirectly, thereon, as 
obvious over Williams in view of Wood in further view of Levy. 

The Examiner has rejected claims 7 and 8 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Levy in further view 
of US Patent No. 5,907,621 to Bachman et al. (hereinafter "Bachman"). Claims 7 and 8 
depend directly and indirectly, respectively, from claim 1 and add limitations. The 
Examiner contends that the combination of Williams, Wood and Levy discloses most of 
the subject matter of claims 7 and 8 and cites Bachman to illustrate that the additional 
limitations added by claims 7 and 8 were known at the time the claimed inventions were 
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made. Without regard to whether Bachman discloses the limitations added by claims 7 
and 8, the Applicant submits that Bachman does not suggest or disclose those 
elements of the method of claim 1 that, as discussed above, have not been suggested 
or disclosed by Williams, Wood and Levy. Accordingly, the Applicant respectfully 
requests that the Examiner withdraw the rejection of claims 7 and 8 as obvious over 
Williams in view of Wood in further view of Levy in further view of Bachman. 

The Examiner has rejected claims 19 and 20 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Levy in further view 
of Bachman. Claims 19 and 20 depend indirectly from claim 13 and add limitations. The 
Examiner contends that the combination of Williams, Wood and Levy discloses most of 
the subject matter of claims 19 and 20 and cites Bachman to illustrate that the 
additional limitations added by claims 19 and 20 were known at the time the claimed 
inventions were made. Without regard to whether Bachman discloses the limitations 
added by claims 19 and 20, the Applicant submits that Bachman does not suggest or 
disclose a first request handler adapted to "transmit a redirect message to said browser, 
thereby redirecting the request to said second server; and transmit the session ID and 
said timestamp directly to said second server", as required by claim 13, as amended. 

Since it is submitted that neither Williams, nor Wood, nor Levy, nor 
Bachman, nor a combination of Williams, Wood, Levy and Bachman suggest or 
disclose a first request handler adapted to "transmit a redirect message to said browser, 
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thereby redirecting the request to said second server; and transmit the session ID and 
said timestamp directly to said second server", it is further submitted that the system of 
claims 19 and 20 may not be properly rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Williams in view of Wood in further view of Levy in further view of 
Bachman. It is respectfully requested that the Examiner withdraw the rejection of claims 
19 and 20 as obvious. 

The Examiner has rejected claims 29 and 30 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Levy in further view 
of Bachman. Claims 29 and 30 depend indirectly from claim 23 and add limitations. The 
Examiner contends that Williams, Wood and Levy disclose most of the subject matter 
of claims 29 and 30 and cites Bachman to illustrate that the additional limitations added 
by claims 29 and 30 were known at the time the claimed inventions were made. Without 
regard to whether Bachman discloses the limitations added by claims 29 and 30, the 
Applicant submits that Bachman does not disclose or suggest a computer program 
product having a computer-readable medium tangibly embodying computer executable 
instructions for "transmitting a redirect message to said browser, thereby redirecting 
said request to the second server" and "in conjunction with said transmitting, 
transmitting said session ID and said timestamp directly to the second server", as 
required by claim 23, as amended. Accordingly, the Applicant submits that claims 29 
and 30 may not be properly rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Williams in view of Wood in further view of Levy in further view of Bachman. The 
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Applicant respectfully requests that the Examiner withdraw the rejection of claims 29 
and 30 as obvious. 

Favorable reconsideration and allowance of this application are 

respectfully requested. 

Respectfully Submitted, 
Nortel Networks Limited 

By: /Colin Climie 

Colin C. Climie, Registration. No. 56,036 



Place: Toronto, Ontario, Canada 
Date: November 19, 2009 
Tele No.: 416-868-1482 



